Authentication Using Asymmetric Keys Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University
Authentication
Problem: How do you prove to someone that you are who you claim to be?
Any system with access control must solve this problem.
Goals:
─ 1. Mutual Authentication: each party authenticates itself to the other party.
─ 2. Key Establishment: establish a session key. This session key will be used to encrypt and decrypt messages between the two parties using symmetric key cryptography.
Methods
─ Authentication with asymmetric keys
─ Authentication with symmetric keys
─ Human authentication
Authentication Using Asymmetric Keys
Assumption
─ Everyone knows your public key
─ No one (except you) knows your private key
Threat Model (i.e., what we assume attackers can do):
─ Message injection
● Inject a new message into a channel, e.g., TCP poisoning attacks injecting TCP RESET.
─ Message modification
● Modify a message in a channel
─ Message loss
● Delete a message in a channel
─ Message replay
● Replay an old message. The message is authentic, but old.
Version 1
Alice (Private key PRA, Public key PUA) → Bob: A, n, {n}PRA
Here n denotes a nonce.
─ An ideal nonce has two properties
● Freshness (No repetition)
– Each nonce is used at most once during any infinite execution of a protocol
● Unpredictability
– Knowing all nonces used in the past does not help to determine the next nonce to be used
─ In practice, it is simulated using a large random number.
─ Sometimes we only need the freshness property. In this case, we can use:
● Increasing sequence number. The sender needs to remember the last sequence number. The numbers may increase randomly each time.
● Real time, i.e., time stamp.
Version 1
Alice → Bob: A, n, {n}PRA
Question 1: Can we replace {n}PRA by {n}PUA?
─ Answer: No. Everyone knows PUA and can compute {n}PUA.
Question 2: What is wrong with this authentication protocol?
─ Answer: An attacker can replay this message later to authenticate himself to Bob.
─ How to fix this problem?
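The two answers above can be checked by running Version 1 end to end. The following is an added example, not part of the original slides: it models {n}PRA and {n}PUA with toy textbook RSA (small, unpadded, constructed key), and all function names are assumptions made for illustration.

```python
import secrets

# Toy textbook-RSA key pair for Alice (constructed for this example;
# far too small and unpadded for real use).
P, Q = 2**61 - 1, 2**89 - 1          # two Mersenne primes
N = P * Q
E = 65537                            # public exponent: PUA = (E, N)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: PRA = (D, N)

def with_private_key(n):
    """{n}PRA: only the holder of D can compute this."""
    return pow(n, D, N)

def with_public_key(n):
    """{n}PUA: anyone can compute this, since E and N are public."""
    return pow(n, E, N)

def alice_login():
    """Alice builds the Version 1 message: A, n, {n}PRA."""
    n = secrets.randbelow(N - 2) + 2  # large random nonce
    return ("Alice", n, with_private_key(n))

def bob_accepts(msg):
    """Bob's Version 1 check: undo the private-key operation with PUA."""
    name, n, proof = msg
    return name == "Alice" and pow(proof, E, N) == n

def bob_accepts_pua_variant(msg):
    """Question 1 variant: Bob compares the proof against {n}PUA."""
    name, n, proof = msg
    return name == "Alice" and proof == with_public_key(n)

def demo():
    genuine = alice_login()
    first = bob_accepts(genuine)      # Alice authenticates
    captured = genuine                # the same bytes, recorded off the channel
    replayed = bob_accepts(captured)  # Bob keeps no state, so it passes again
    # Built without PRA: passes the {n}PUA variant, fails the real check.
    forged = ("Alice", 12345, with_public_key(12345))
    return first, replayed, bob_accepts_pua_variant(forged), bob_accepts(forged)

if __name__ == "__main__":
    print(demo())
```

Bob's check depends only on the message contents, so nothing in Version 1 lets him tell a first delivery from a later copy.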